Ethical Hacking, Penetration Testing & Computer Security

It seems it happened quite a while ago, I only just found out about it recently though when I was checking to see if L0phtcrack had been updated past version 5.

Symantec has quietly pulled the plug on sales of L0phtCrack, the venerable password auditing and recovery application.

The decision to discontinue support for L0phtCrack, also known as LC5, comes just months after Symantec stopped selling the application to customers outside the United States and Canada out of concerns that it violated cryptography export controls.

It is a shame as this was without doubt the best password cracker around, fastest for LM hashes by quite a long way.

There are other good alternative too, my favourite being Cain and Abel then probably John the Ripper. I’ll do an article about Password Crackers soon, a run down of the options.

“There was always going to be a double-edged sword for Symantec. L0phtCraft is valuable as a good password-strength auditing tool but it’s also popular with [malicious] hackers who used it to break passwords and attack networks,” Fleming said in an interview with eWEEK.

He said Digital Defense used L0phtCraft in its penetrating testing products to identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords.

L0phtCraft can also be used to recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to newer authentication systems.

It is a tough call for a ‘security company’ especially such a large one that has to take a lot of care about reputation and corporate image.